Tip: Regularly Review Your Website for Viruses

In this post, I will examine how to review and scan code regularly to help prevent security breaches and viruses.

The largest and most advanced internet security breaches in history have happened in the last few years.

Take, for example, an admission by Yahoo! that data from every one of it’s 3 billion user accounts had been stolen in 2013. Also frightening is the fact that we still have no idea who did it.

In November of 2017, we learned that the personal details of 57 million Uber drivers and customers were unearthed by hackers. A couple of outside hackers figured out how to scrape private information from cloud-based software that Uber was using . Uber paid the hackers $100,000 in hush money, hoping to keep their customers in the dark. I guess it wasn’t enough.

Another notable data breach was reported by Bloomberg concerning Equifax on September 18, 2017. The stolen personal data included social security and driver’s license numbers of more than 143 million consumers. Hackers accessed this data by exploiting security vulnerabilities in Equifax’s website.

And there have been many more recently.

If these and other enormous companies are vulnerable, where does that leave us? How can we protect ourselves?

You might be thinking that you’re not big enough to be concerned about data breaches, website viruses, or hackers. And you’d be wrong. You might not have the same exposure as these companies and there’s a may be less motive to hack into your website, but I’ve seen first hand the devastation that can be inflicted on smaller organizations.

Here’s a couple of horrifying personal examples…

Years ago, we developed a custom video publishing website for one of our clients. On the night before the launch, our client sent an email campaign, inviting hundreds of customers to visit the website. While half the world was asleep, the hacker found a way in and uploaded dozens of porn videos! His customers woke up to an eyeful.

On another occasion, a hacker created a bot that silently exploited a vulnerability in a Magento PayPal plugin. Some viruses create obvious problems like redirecting pages or triggering anti-virus software. This one remained undetected for more than two years. What did it do? It forwarded credit card information to the hacker’s email address.

It’s not possible to catch every problem in advance, but we’ve learned over the years that there are things that can be done to prevent viruses, hackers, and to shore up security vulnerabilities. Relating to the topic of scanning your code files for viruses, here are some things that we do:

Schedule Regular Reviews

It’s important to make reviewing your code and plugins a regular thing. Don’t wait until there’s a major update or until you want to redesign your website before inspecting your code. We offer plans that include having a competent developer manually review web folders and update code and plugins every month.

Visually Inspect Web Folders

We take a detailed look at the files in web folders to see if there’s something unexpected. For instance, you wouldn’t normally see PHP or JavaScript files inside an image directory. Or, for example, you wouldn’t expect to see a file named “blah.php” inside of the root directory. Being professionally familiar with most the major CMS platforms (e.g. WordPress, Joomla!, Magento, and more), we usually know when something isn’t right.

Automatically scan for viruses

Virus scanners will look for known exploits, or patterns in the code that are likely malicious in nature. We can set up software that reviews your website files on a daily basis.

Get notified if there’s a change

On our WordPress sites, we like to use a program called WordFence. This is a powerful plugin that, among other things, regularly compares your WordPress files against an expected result. If something changes, WordFence instantly sends you an email, allowing you to cut off the problem before the damage is extensive.

If you’d like to have a professional regularly review and update your website, take a look at our security plan or give me a call (530-680-2734). If you’re in the Chico area, I’d love to sit down and talk with you.